The U.S. Department of Health and Human Services' Office for Civil Rights announced Presence Health will pay $475,000 for the first HIPAA settlement based on the untimely reporting of a data breach involving unsecured protected health information. Presence Health sent a breach notification to the OCR in January 2014 stating it had discovered paper-based operating room schedules containing the PHI of 836 individuals had gone missing in October 2013. An OCR investigation found Presence Health did not notify the affected individuals, prominent media outlets, and the OCR within 60 days of discovering the breach. “Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule’s timeliness requirements” said OCR Director Jocelyn Samuels.
If you want to comment on this post, you need to login.